As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
If this question can be reworded to fit the rules in the help center, please edit the question.

3 Answers
3

If the university handed you the computer with the operating system already installed, it could in principle have any number of tracking systems already installed. In the most devious of scenarios, it could have a dedicated hardware device within the unit that could record every keystroke and communicate it through a separate internet connection such as cellular data.

This question is very broad. The answer to a question beginning with "Can" in the context of information security is almost always "Yes". What you should concern yourself with is:

Specific information that provides evidence that there is tracking going on

Specific information that provides evidence that there is not tracking of a specific type going on

This really boils down to you understanding, and being in control of, the hardware and software that you are depending on to run your computer. Since you bought it through the university, if it ever reached a university employee's hands prior to reaching you, they theoretically could have done anything they wanted to the physical unit to enable tracking at any level. They could even be malicious if they wanted and steal personal information and use it in illegal ways.

If these possibilities bother you, then the only way that you can satisfy yourself is by arming yourself with knowledge about specific things to look for and specific ways to address them. I would probably start with buying a computer directly from a trusted retail manufacturer, and not from a university, re-seller, etc. Then, you should completely wipe all persistent storage media and re-flash the BIOS as soon as you get the unit, before you use it for anything important. Then, you should open up the hardware chassis and check for any anomalies. Compare parts that are present in the manufacturer's stated technical manual with parts that are actually there, and make sure there aren't any unidentified parts.

If you eliminate the possibility that the hardware itself is compromised, and you eliminate the possibility that the operating system image was given to you with tracking software pre-installed, the possibility that they can track you on your home internet connection is much smaller. This is especially the case considering that:

A university is not, in most countries at least, a law enforcement organization, and as such does not have special privileges to eavesdrop legally or semi-legally on civilian internet connections, which are protected by privacy laws in most countries (note that the privacy laws primarily stop other civilians from legally eavesdropping, but do not, generally, stop government agencies on official business from doing so)

Most connections that you would make to a university (such as a web site visit) do not give the university's systems enough access to your computer to properly track your visits to other sites. Moreover, even if they were able to tell that you went to some specific website, they would probably not be able to tell what exact activity you had at that site, just with information that can be gleaned from, say, tracking cookies. Any such information provided to the university would have to involve direct collusion between the other website you visited and the university.

Also, I think it is a very bad idea to admit in your question that you may have done something which could run contrary to your university's academic policies or, worse, your local or national law. It is perfectly legitimate to be concerned about your privacy and the information security of the systems you are operating, and for that reason I am providing a thorough answer; but it sounds like you really do not possess the background to properly assess your own information security, so I wish you the best of luck, but I think that, if they were watching then you are already caught; and if they weren't, then they probably won't be able to catch whatever you've already done nor anything you might do in the future.

A university has every right to monitor you while you use their internet connection. They could in theory require you to use software that would transmit any information they wanted.
–
RamhoundSep 5 '12 at 17:08

@Ramhound I don't think the answer here is addressing using the University's Internet connection. The only connection to the University mentioned here is the type one is likely to do from their home network, such as checking webmail or an online classroom interface.
–
IsziSep 5 '12 at 17:10

I didn't address the possibility of using the university's VPN because I thought that would be too obvious. Of course if your packets are being routed through their internet gateway, they can do whatever they want with them, including flagging HTTP flows to sites known to harbor resources that lead to academic dishonesty (plagiarism, cheating, etc).
–
allquixoticSep 5 '12 at 17:12

Whether they can or cannot track you, and to what extent, depends on a lot of factors. Perhaps a separate, but possibly overriding, question should be "do they have reason to?".

If you've purchased the laptop from the University such that it is now your own property, and you are not using any University network resources, then they do not likely have any good reason to track you - and probably aren't. However, if the laptop is on loan from the University or you are using the University's network (via direct connection, VPN, Wi-Fi, or otherwise), the University may still have reason to monitor your usage.

If you accepted the laptop as-is from the University, with their pre-loaded OS and software, and did not wipe the hard drive and re-load the OS yourself, then it is always possible, however likely or not, that they may have some monitoring software on the system which could track your usage. This can be down to the finest detail - keystroke logging, screen capturing, webcam/microphone recording, etc - and without your knowledge. The only way to ensure this is not happening is to wipe the drive and load your own OS.

If you are ever using the University's network resources, they may also be monitoring your traffic. This includes any data you send in the clear over HTTP, FTP, Telnet, etc. as well as the destination or origin of any encrypted traffic such as HTTPS, SSH, etc.. If you are still using the University's standard OS & software load, it's also possible they may have an SSL Proxy configured in your Trusted Root Certificates so that they can read some of your encrypted traffic as well.

The only effective way around network-based monitoring is to use a trusted VPN provider, or a secure anonymizing service such as TOR. Even then, if your VPN/anonymizing service provider relies on SSL certificates and you are still using the University's standard software configuration, this protection may be still stripped via SSL Proxy.

Your best bet, if you don't want the University to be monitoring you, is to use your own trusted hardware that you've configured yourself and stay off their network.

I did not downvote your answer, someone else did, but I think it got downvoted because it is relatively less complete and less valuable an answer than the two other answers already posted. That said, I usually don't downvote something unless it is flat-out wrong. Your answer omits a lot of information, but you don't say anything that is completely false. For this reason I will neither up nor downvote it.
–
allquixoticSep 5 '12 at 17:16

I suppose it is relatively less complete and omits a lot of information. However, this was the first reply and was meant to simply give him the answer he wanted. I doubt he was ready for an in-depth, conspiracy theory answer, as he was asking due to the idea of "cookies, cache and jazz they can have access to" on his home network.
–
user142485Sep 6 '12 at 13:22